mirror of
https://github.com/nganhkhoa/CTF-All-In-One.git
synced 2024-12-25 11:41:16 +07:00
add ppt
This commit is contained in:
parent
5c4df18f5a
commit
f66305c535
@ -19,7 +19,7 @@ skanlite cantata kdenlive konversation libreoffice-still thunderbird-kde k3b cup
|
|||||||
|
|
||||||
yaourt -S:
|
yaourt -S:
|
||||||
|
|
||||||
virtualbox tree git ipython ipython2 gdb google-chrome tcpdump vim wireshark-qt edb ssdeep wps-office strace metasploit pwntools peda oh-my-zsh-git radare2 binwalk burpsuite checksec netcat wxhexeditor
|
virtualbox tree git ipython ipython2 gdb google-chrome tcpdump vim wireshark-qt edb ssdeep wps-office strace ltrace metasploit python2-pwntools peda oh-my-zsh-git radare2 binwalk burpsuite checksec netcat wxhexeditor
|
||||||
|
|
||||||
pip3/pip2 install:
|
pip3/pip2 install:
|
||||||
|
|
||||||
|
@ -442,8 +442,47 @@ f7510000-f76df000 r-xp 1cf000 /usr/lib32/libc-2.26.so
|
|||||||
该模块用于格式化字符串漏洞的利用,格式化字符串漏洞是 CTF 中一种常见的题型,我们会在后面的章节中详细讲述,关于该模块的使用也会留到那儿。详见 *3.3.1 格式化字符串漏洞*
|
该模块用于格式化字符串漏洞的利用,格式化字符串漏洞是 CTF 中一种常见的题型,我们会在后面的章节中详细讲述,关于该模块的使用也会留到那儿。详见 *3.3.1 格式化字符串漏洞*
|
||||||
|
|
||||||
#### gdb
|
#### gdb
|
||||||
|
`pwnlib.gdb`
|
||||||
|
|
||||||
|
在写漏洞利用的时候,常常需要使用 gdb 动态调试,该模块就提供了这方面的支持。
|
||||||
|
|
||||||
|
两个常用函数:
|
||||||
|
- `gdb.attach(target, gdbscript=None)`:在一个新终端打开 gdb 并 attach 到指定 PID 的进程,或是一个 `pwnlib.tubes` 对象。
|
||||||
|
- `gdb.debug(args, gdbscript=None)`:在新终端中使用 gdb 加载一个二进制文件。
|
||||||
|
|
||||||
|
上面两种方法都可以在开启的时候传递一个脚本到 gdb,可以很方便地做一些操作,如自动设置断点。
|
||||||
|
|
||||||
|
```python
|
||||||
|
# attach to pid 1234
|
||||||
|
gdb.attach(1234)
|
||||||
|
|
||||||
|
# attach to a process
|
||||||
|
bash = process('bash')
|
||||||
|
gdb.attach(bash, '''
|
||||||
|
set follow-fork-mode child
|
||||||
|
continue
|
||||||
|
''')
|
||||||
|
bash.sendline('whoami')
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
# Create a new process, and stop it at 'main'
|
||||||
|
io = gdb.debug('bash', '''
|
||||||
|
# Wait until we hit the main executable's entry point
|
||||||
|
break _start
|
||||||
|
continue
|
||||||
|
|
||||||
|
# Now set breakpoint on shared library routines
|
||||||
|
break malloc
|
||||||
|
break free
|
||||||
|
continue
|
||||||
|
''')
|
||||||
|
```
|
||||||
|
|
||||||
#### memleak
|
#### memleak
|
||||||
|
`pwnlib.memleak`
|
||||||
|
|
||||||
|
该模块用于内存泄露的利用。可用作装饰器。它会将泄露的内存缓存起来,在漏洞利用过程中可能会用到。
|
||||||
|
|
||||||
#### rop
|
#### rop
|
||||||
|
|
||||||
|
@ -230,7 +230,7 @@ $ ssdeep -bm hash.txt modified.elf
|
|||||||
```text
|
```text
|
||||||
-a --all Scan the entire file, not just the data section [default]
|
-a --all Scan the entire file, not just the data section [default]
|
||||||
-t --radix={o,d,x} Print the location of the string in base 8, 10 or 16
|
-t --radix={o,d,x} Print the location of the string in base 8, 10 or 16
|
||||||
-e --encoding={s,S,b,l,B,L} Select character size and endianness:
|
-e --encoding={s,S,b,l,B,L} Select character size and endianess:
|
||||||
s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
|
s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
|
||||||
```
|
```
|
||||||
|
|
||||||
|
BIN
ppt/01_fight-with-linux.pdf
Normal file
BIN
ppt/01_fight-with-linux.pdf
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user